Connect to SingleStore Helios using AWS PrivateLink

Configure both the outbound and inbound connections to connect your workspace to AWS PrivateLink. Contact SingleStore Support if you need assistance setting up or configuring private connections.

Configure Inbound Connections

To successfully set up an inbound connection to SingleStore Helios using AWS PrivateLink, you need to perform the following tasks:

  1. Create an Inbound Connection on the Cloud Portal

  2. Create a Private Endpoint on the Amazon VPC Console

Create an Inbound Connection on the Cloud Portal

On the Cloud Portal,

  1. Select your_Workspace_Group > Firewall.

  2. Under PRIVATE LINKS, select Create Connection.

  3. On the Create Connection dialog, enter or select the following information:

    1. Connection Type: Select the Inbound connection type from the list.

    2. Workspaces: Select your workspace you want to connect with from the list. Select None to create a DDL connection.

    3. AWS Account ID (Inbound connections only): Enter the AWS Account ID associated with your VPC/private endpoint.

  4. Select Create Connection.

Once the connection is ready to use, which may take a few minutes, its status changes to ACTIVE. If an error occurs while creating the private connection, the connection is deleted automatically. Hover over the DELETED status indicator to view the error message.

Copy the VPC Endpoint Service Name of your connection, and enter it in the Service name box while creating a private endpoint on the Amazon VPC Console. Refer to Manage Private Connections for information on how to view the private connection details.

Create a Private Endpoint on the Amazon VPC Console

Create a private endpoint using the Service name copied earlier:

  1. On the Amazon VPC console, select Endpoints > Create endpoint.

  2. Under Service Category, select Other endpoint services.

  3. Enter the Service name copied from the Cloud Portal in the Service name box.

  4. Select Verify service to verify the Service name.

  5. Under VPC, select the VPC from which you'll connect with the AWS service.

  6. Under Subnets, select one subnet per Availability Zone from which you'll connect to the AWS service.

  7. Select Create endpoint.

You can use the endpoint after it enters the Available state. Refer to Endpoint states for more information. Create a security group to control access to the endpoint, and then attach the security group to the endpoint. Refer to Control traffic to resources using security groups for more information.

Note

SingleStore Helios does not support Certificate Authority (CA) verification for inbound connections. For information on connecting to SingleStore Helios using SSL, refer to Connect to SingleStore Helios using TLS/SSL.

Configure Outbound Connections

To successfully set up an outbound connection to SingleStore Helios using AWS PrivateLink, you need to perform the following tasks:

  1. Copy the AWS account ID from the Cloud Portal

  2. Create an Endpoint Service on the AWS Console

  3. Create an Outbound Connection on the Cloud Portal

Copy the AWS Account ID from the Cloud Portal

On the Cloud Portal,

  1. Select your_Workspace_Group > Firewall > PRIVATE LINKS > Create Connection.

  2. On the Create Connection dialog, from the Connection Type list, select Outbound. Copy the AWS account ID displayed below.

You'll need to whitelist this ID while creating your endpoint service (as explained below).

Create an Endpoint Service on the AWS Console

On the AWS Console,

  1. Create a target group for each of the broker services, select EC2 > Target groups > Create Target group.

  2. Create a network load balancer, select EC2 > Load Balancers > Create Load Balancer.

  3. Under Network Load Balancer, select Create. Your workspace and the load balancer must be in the same region. Ensure that Cross-zone load balancing is enabled.

  4. In the AWS Console, select VPC > Endpoint Services > Create Endpoint Service, and associate it with the Network Load Balancer created in the previous step. Your workspace and endpoint service must be in the same region.

  5. For this service, under Whitelisted principals, add the AWS account ID copied from the Cloud Portal in the "arn:aws:iam::<account id>:root" format. This enables SingleStore to find and access the private endpoint service.

  6. Verify that the security group rules in your VPC allow inbound traffic from the endpoint service. Refer to Control traffic to resources using security groups for more information.

  7. Copy the Service Name of this AWS endpoint service,

Create an Outbound Connection On the Cloud Portal

On the Cloud Portal,

  1. Select your_Workspace_Group > Firewall.

  2. Under PRIVATE LINKS, select Create Connection.

  3. On the Create Connection dialog, enter or select the following information:

    1. Connection Type: Select the Outbound connection type from the list.

    2. Workspaces: Select your workspace you want to connect with from the list. Select None to create a DDL connection.

    3. DNS name (Outbound connections only): Enter the Service Name associated with your AWS endpoint service.

  4. Select Create Connection.

The connection is ready to use, once the endpoint status changes to Available. If an error occurs while creating the private connection, the connection is deleted automatically. Hover over the DELETED status indicator to view the error message.

Last modified: October 19, 2023

Was this article helpful?